minimal example code location
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
Some checks failed
Build and Push Docker Image / build-and-push (push) Has been cancelled
This commit is contained in:
Richard Mrasek
37
Dockerfile
37
Dockerfile
@@ -11,16 +11,9 @@ RUN addgroup --gid 1000 appgroup && \
|
||||
|
||||
# Install system dependencies:
|
||||
# - git: required to fetch util-services from GitLab (tool.uv.sources)
|
||||
# - build-essential / gcc / g++ / python3-dev / cmake: native extensions
|
||||
# (scrubadub-spacy → spaCy, pycanon, etc.)
|
||||
# - curl: optional healthcheck / runtime tooling
|
||||
RUN apt-get update && apt-get upgrade -y \
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
build-essential=12.9 \
|
||||
cmake=3.25.1-1 \
|
||||
gcc=4:12.2.0-3 \
|
||||
g++=4:12.2.0-3 \
|
||||
python3-dev=3.11.2-1+b1 \
|
||||
git=1:2.39.5-0+deb12u3 \
|
||||
curl=7.88.1-10+deb12u14 \
|
||||
&& apt-get clean \
|
||||
@@ -28,41 +21,35 @@ RUN apt-get update && apt-get upgrade -y \
|
||||
&& rm -rf /tmp/* \
|
||||
&& rm -rf /var/tmp/*
|
||||
|
||||
# Pre-own /app so appuser can write to it
|
||||
RUN chown -R appuser:appgroup /app
|
||||
# Ensure appuser can create the project virtual environment in /app
|
||||
RUN chown appuser:appgroup /app
|
||||
|
||||
# Copy project metadata and source
|
||||
COPY pyproject.toml .
|
||||
COPY uv.lock .
|
||||
COPY src/ ./src/
|
||||
COPY --chown=appuser:appgroup pyproject.toml .
|
||||
COPY --chown=appuser:appgroup uv.lock .
|
||||
COPY --chown=appuser:appgroup src/ ./src/
|
||||
|
||||
# uv environment knobs:
|
||||
# UV_COMPILE_BYTECODE → compile .pyc files at install time for faster cold start
|
||||
# UV_COMPILE_BYTECODE → disable .pyc precompile to reduce image size
|
||||
# UV_LINK_MODE=copy → copy files instead of symlinks (required in Docker layers)
|
||||
# UV_SYSTEM_PYTHON=1 → install into the system Python (no extra venv needed)
|
||||
ENV UV_COMPILE_BYTECODE=1
|
||||
ENV UV_COMPILE_BYTECODE=0
|
||||
ENV UV_LINK_MODE=copy
|
||||
ENV UV_SYSTEM_PYTHON=1
|
||||
|
||||
# Install the project and all dependencies, respecting [tool.uv.sources]
|
||||
# (git source for util-services and pytorch-cpu index for torch)
|
||||
# BuildKit cache mount keeps the uv package cache across builds
|
||||
RUN --mount=type=cache,target=/root/.cache/uv \
|
||||
uv sync --frozen --no-dev
|
||||
USER appuser
|
||||
|
||||
RUN --mount=type=cache,target=/home/appuser/.cache/uv,uid=1000,gid=1000 \
|
||||
uv sync --frozen --no-dev --no-install-package torch
|
||||
|
||||
# Put the project's venv on PATH (matches WORKDIR)
|
||||
ENV PATH="/app/.venv/bin:${PATH}"
|
||||
ENV PYTHONPATH="/app/src"
|
||||
|
||||
# Make /app writable for the non-root user (e.g. spaCy model downloads)
|
||||
RUN chown -R 1000:1000 /app && chmod -R u+w /app
|
||||
|
||||
# Provide a real home directory for appuser
|
||||
RUN mkdir -p /home/appuser && chown -R 1000:1000 /home/appuser
|
||||
ENV HOME=/home/appuser
|
||||
|
||||
USER appuser
|
||||
|
||||
# Sanity-check: fail the build early if the dagster CLI is missing
|
||||
RUN dagster --version
|
||||
|
||||
|
||||
Reference in New Issue
Block a user